paroga / roundcube-nonce_login

Plugin to allow login via an nonce, created by an api call, to avoid the sharing of credentials when multiple people use the same account.

Maintainers

Details

github.com/paroga/roundcube-nonce_login

Type:roundcube-plugin

1.0 2022-05-27 10:34 UTC

Requires

roundcube/plugin-installer: >=0.1.6

Requires (Dev)

None

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT f11e016497768ff228d86d5a2c00303e3443828f

Patrick Gansterer <paroga.woop@paroga.com>

security Authentication login nonce

dev-main
1.0

This package is auto-updated.

Last update: 2024-05-27 14:47:44 UTC

README

Plugin to allow login via an nonce, created by an api call, to avoid the sharing of credentials when multiple people use the same account.

When the plugin is installed, the roundcube instance will handle an additional endpoint at https://mail.example.com/?nonce_login. A HTTP GET request with a Basic Authorization header containing the login credntials (e.g. Authorization: Basic aW5mb0BleGFtcGxlLmNvbTpzZWNyZXQ=) will respond with a 201 status code and a Location header. The URL returned via the Location header can be used exactly once to login and does not contain any login credentials.